Hi,
Older libosinfo releases were signed with Daniel's key:
$ gpg --verify libosinfo_1.2.0.orig.tar.gz.asc
gpg: assuming signed data in 'libosinfo_1.2.0.orig.tar.gz'
gpg: Signature made Mi 20 Jun 2018 11:46:42 CEST
gpg: using RSA key 0xBE86EBB415104FDF
gpg: Good signature from "Daniel P. Berrange <dan@xxxxxxxxxxxx>" [unknown]
gpg: aka "Daniel P. Berrange <berrange@xxxxxxxxxx>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
And this key can be found on keyservers
https://pgp.surfnet.nl/pks/lookup?search=0xBE86EBB415104FDF&fingerprint=on&op=index
1.4.0 seems to use a different key
$ gpg --verify libosinfo-1.4.0.tar.gz.asc
gpg: assuming signed data in 'libosinfo-1.4.0.tar.gz'
gpg: Signature made Fr 01 Mär 2019 17:01:14 CET
gpg: using RSA key 09B9C8FF223EF113AFA06A39EE926C2BDACC177B
gpg: Can't check signature: No public key
However i can't find that key on keyservers nor mentioned on
https://libosinfo.org/ nor at https://releases.pagure.org/libosinfo/.
Can you point me to the signing key?
Cheers,
-- Guido
_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo
